The zlib compression library is used by hundreds of applications to
provide compression and decompression functions. It has a flaw that
can corrupt the data structures of the malloc function call and
possibly be used in a denial-of-service attack, to view
arbitrary data, or, under some circumstances, to execute arbitrary code.
Libraries based on version 1.1.3 or earlier of zlib, and any software
statically linked to such a library, are vulnerable to this flaw.

Software that has been reported to be affected by this flaw
(statically linked to code from a vulnerable version of the zlib
library) includes: the Linux Kernel, gpg, rsync, cvs, rrdtool, freeamp,
Netscape, vnc, ssh-1.2.33, ssh-3.1.0, gcc 3.0, gcc-2.96, mirrordir,
ppp, chromium, HDF, XFree86, rpm, libdiffie, flash,
qt-embedded, pngcrush, librpm, popt, cpp, libstdc++, libgcj, xterm,
abiword, Adobe Acrobat, Apache, dictd, evolution, MS Office, IE,
DirectX, and many more. A longer list of applications that are
reported to be vulnerable is available from http://www.gzip.org/zlib/apps.html.

Users should upgrade the zlib system libraries as soon as possible to
version 1.1.4, and should upgrade any software based on, or linked to,
version 1.1.3 or earlier of zlib. Many vendors have released updates
for the library and collections of statically linked applications.
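Because the vulnerable code is statically linked into so many binaries, upgrading the shared library alone is not enough; each binary has to be checked. The following is an added example for this digest, not code from zlib or from any vendor: it scans a file for the version banners that zlib compiles into every binary that links it (strings of the form " inflate 1.1.3 Copyright ... Mark Adler " and " deflate 1.1.3 Copyright ... Jean-loup Gailly "). That those strings survive unchanged in a linked binary is an assumption; the sample binary and its banners are constructed for the example.

```python
"""Scan files for embedded zlib version banners and flag copies older than 1.1.4.

Added example for this advisory digest, not code from zlib or any vendor. It relies
on the copyright strings zlib's deflate.c and inftrees.c embed in every binary that
links the library (assumed to survive linking unchanged).
"""
import re
import sys
from typing import List, Tuple

FIXED_VERSION = (1, 1, 4)  # first release with the repaired inflate code

# Banner pattern: "<deflate|inflate> <version> Copyright ..."; version captured as dotted numbers.
BANNER_RE = re.compile(rb"\b(deflate|inflate) (\d+\.\d+(?:\.\d+)?) Copyright ")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.1.3' into (1, 1, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.split("."))


def find_zlib_banners(blob: bytes) -> List[Tuple[str, str]]:
    """Return (component, version) pairs for every zlib banner found in blob."""
    return [(m.group(1).decode(), m.group(2).decode()) for m in BANNER_RE.finditer(blob)]


def vulnerable_versions(blob: bytes) -> List[str]:
    """Versions found in blob that predate the 1.1.4 fix (deduplicated, sorted)."""
    found = {ver for _, ver in find_zlib_banners(blob) if parse_version(ver) < FIXED_VERSION}
    return sorted(found, key=parse_version)


def scan_file(path: str) -> List[str]:
    """Read one file in full and report any pre-1.1.4 zlib versions it carries."""
    with open(path, "rb") as fh:
        return vulnerable_versions(fh.read())


# Constructed sample: what a statically linked binary carrying zlib 1.1.3 contains.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler "
    + b"\x00" * 8
    + b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "
    + b"\x00" * 8
)

if __name__ == "__main__":
    targets = sys.argv[1:]
    if not targets:
        print("constructed sample:", vulnerable_versions(SAMPLE_BINARY))
    for path in targets:
        bad = scan_file(path)
        print(f"{path}: {'VULNERABLE ' + ', '.join(bad) if bad else 'ok'}")
```

Run it over a directory of binaries with a shell loop; a hit tells you only that a pre-1.1.4 zlib is present, not which code paths use it, so treat any hit as something to rebuild or replace rather than to argue about.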

Concurrent Versions System (CVS), a version control system, is
vulnerable under some conditions to a remote denial-of-service
attack that will crash pserver. Versions of CVS through 1.11 also
contain a vulnerable version of the zlib library and under some
conditions may also be remotely vulnerable to an attack using the zlib
vulnerability.

Affected users should watch their vendor for an updated version and
should consider removing remote access to CVS servers until it has
been repaired.

Many RADIUS servers are vulnerable to a buffer overflow and a design
flaw that can be used in a denial-of-service attack. If the attacker
knows the shared secret, it is possible to exploit the buffer overflow
to execute arbitrary code with the permissions of the user under which the
RADIUS server is executing (often root). The denial-of-service
attack is in code that does not properly validate the length of
specific attributes.

Servers affected by the buffer overflow include (all earlier versions
are also affected): Ascend RADIUS version 1.16, Cistron RADIUS version
1.6.4, FreeRADIUS version 0.3, GnuRADIUS version 0.95, ICRADIUS
version 0.18.1, Livingston RADIUS version 2.1, RADIUS (also called
Lucent RADIUS) version 2.1, RADIUSClient version 0.3.1, YARD RADIUS
1.0.19, and XTRADIUS 1.1-pre1.

Servers affected by the denial-of-service attack include (all earlier
versions are also affected): Cistron RADIUS version 1.6.5, FreeRADIUS
version 0.3, ICRADIUS version 0.18.1, Livingston RADIUS version 2.1,
YARD RADIUS 1.0.19, and XTRADIUS 1.1-pre1.

It is recommended that affected users upgrade to a repaired version of
their RADIUS server and protect the server from unauthorized
connections with a firewall.
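The denial-of-service flaw above comes down to attribute lengths that are taken from the packet without being checked. As an added example for this digest (not code from any of the servers listed), here is an attribute parser that applies the checks a RADIUS server needs: the packet layout is the one defined in RFC 2865 (a 20-byte header with a 16-bit length field, then attributes encoded as a 1-byte type, a 1-byte length that counts the type and length bytes themselves, and the value), and every sample packet is constructed for the example.

```python
"""Parse the attribute section of a RADIUS packet with strict length checks.

Added example for this advisory digest, not code from any RADIUS server. Layout
follows RFC 2865; all packets below are constructed samples.
"""
import struct
from typing import List, Tuple

HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)
MIN_ATTR_LEN = 2  # type byte + length byte


class MalformedPacket(ValueError):
    """Raised instead of letting a bad length drive a read past the buffer or an endless loop."""


def parse_attributes(packet: bytes) -> List[Tuple[int, bytes]]:
    """Return (type, value) pairs, rejecting any attribute whose length does not fit."""
    if len(packet) < HEADER_LEN:
        raise MalformedPacket("packet shorter than RADIUS header")
    declared_len = struct.unpack("!H", packet[2:4])[0]
    # Octets beyond the declared length are padding and ignored; a declared length
    # longer than what arrived means a truncated packet, which is dropped.
    if declared_len < HEADER_LEN or declared_len > len(packet):
        raise MalformedPacket(f"declared length {declared_len} inconsistent with {len(packet)} bytes")
    attrs: List[Tuple[int, bytes]] = []
    pos = HEADER_LEN
    while pos < declared_len:
        if declared_len - pos < MIN_ATTR_LEN:
            raise MalformedPacket(f"truncated attribute header at offset {pos}")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        # Length 0 or 1 would never advance pos (endless loop); a length past the
        # declared end would read outside the attribute section.
        if attr_len < MIN_ATTR_LEN:
            raise MalformedPacket(f"attribute {attr_type} has length {attr_len} < {MIN_ATTR_LEN}")
        if pos + attr_len > declared_len:
            raise MalformedPacket(f"attribute {attr_type} length {attr_len} overruns packet at {pos}")
        attrs.append((attr_type, packet[pos + 2 : pos + attr_len]))
        pos += attr_len
    return attrs


def build_packet(code: int, identifier: int, attrs: List[Tuple[int, bytes]]) -> bytes:
    """Assemble a packet with a zero authenticator; used only to construct samples."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, identifier, HEADER_LEN + len(body)) + bytes(16) + body


def _with_attr_len(packet: bytes, new_len: int) -> bytes:
    """Overwrite the length byte of the first attribute; constructs malformed samples."""
    buf = bytearray(packet)
    buf[HEADER_LEN + 1] = new_len
    return bytes(buf)


def is_well_formed(packet: bytes) -> bool:
    try:
        parse_attributes(packet)
    except MalformedPacket:
        return False
    return True


ACCESS_REQUEST = 1
USER_NAME, NAS_IP_ADDRESS = 1, 4

# Constructed samples: a valid Access-Request, then the same with a zero-length
# and an overlong first attribute, which an unchecked parser would loop on or overrun.
GOOD_PACKET = build_packet(ACCESS_REQUEST, 7, [(USER_NAME, b"alice"), (NAS_IP_ADDRESS, bytes([10, 0, 0, 1]))])
ONE_ATTR = build_packet(ACCESS_REQUEST, 7, [(USER_NAME, b"alice")])
ZERO_LEN_PACKET = _with_attr_len(ONE_ATTR, 0)
OVERLONG_PACKET = _with_attr_len(ONE_ATTR, 200)

if __name__ == "__main__":
    print(parse_attributes(GOOD_PACKET))
    for name, pkt in (("zero-length", ZERO_LEN_PACKET), ("overlong", OVERLONG_PACKET)):
        print(name, "accepted" if is_well_formed(pkt) else "rejected")
```

The two checks that matter are the ones on `attr_len`: the lower bound stops a zero length from pinning the loop at one offset, and the upper bound stops the value slice from reaching past the declared packet end. A server that does either check only for attributes it understands still exposes the other.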

efingerd is a customizable finger daemon. Version 1.3 is vulnerable
to a buffer overflow that can be remotely exploited to execute
arbitrary code with the permissions of the user running efingerd
(usually the user nobody). Versions 1.3 and 1.6.1 have a feature that
can be used by a local user to connect to the machine and execute
arbitrary commands as the user that is executing efingerd.

The feature can be turned off using the -u option. Users should
watch for an updated version that repairs the buffer overflow and
should consider disabling efingerd until it has been updated.

The maintainers of PureTLS have announced that an unspecified
vulnerability in all versions prior to PureTLS 0.9b2 was discovered
during an internal audit. PureTLS is a pure Java implementation of
SSLv3/TLS.

They strongly recommend that all users upgrade to version PureTLS 0.9b2
or newer as soon as possible.

Under some conditions, a race condition in GNU fileutils can be used by a
local attacker to cause users to remove unexpected files. This is caused
by an insecure chdir("..") system call that is used to return to
higher-level directories during a recursive remove (rm -rf, for
example).

A patch has been released for the 4.1.6 development version. Users
should watch their vendor for an updated file utilities package.
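The race above exists because the remove descends into a directory and later returns with chdir(".."): if the directory is renamed or moved in between, ".." resolves somewhere else and the wrong files are removed. The following is an added example for this digest, not the fileutils code or its patch. It shows a recursive delete that never changes directory at all: it keeps an open file descriptor for each directory it is working in and addresses every entry relative to that descriptor (the dir_fd arguments of os.open, os.lstat, os.unlink and os.rmdir, which need a Unix platform that supports them), so no path is re-resolved by name. The sample tree it deletes is constructed in a temporary directory.

```python
"""Recursive delete that never chdir()s, so a renamed directory cannot redirect it.

Added example for this advisory digest, not the fileutils code or its patch.
Assumes a Unix platform with dir_fd support for os.open/os.unlink/os.rmdir.
"""
import os
import stat
import tempfile
from typing import Tuple

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def _remove_contents(dir_fd: int) -> int:
    """Delete everything inside the directory open as dir_fd; return the entry count."""
    removed = 0
    # os.listdir accepts a descriptor, so the listing comes from the directory we hold open.
    for name in os.listdir(dir_fd):
        st = os.lstat(name, dir_fd=dir_fd)  # lstat: a symlink is unlinked, never followed
        if stat.S_ISDIR(st.st_mode):
            child_fd = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
            try:
                # Confirm the descriptor is the directory we just stat'ed before trusting it.
                cst = os.fstat(child_fd)
                if (cst.st_dev, cst.st_ino) != (st.st_dev, st.st_ino):
                    raise RuntimeError(f"{name!r} changed underneath us; aborting")
                removed += _remove_contents(child_fd)
            finally:
                os.close(child_fd)
            os.rmdir(name, dir_fd=dir_fd)  # relative to the parent fd, not to "." or ".."
        else:
            os.unlink(name, dir_fd=dir_fd)
        removed += 1
    return removed


def remove_tree(path: str) -> int:
    """Remove the directory at path and everything below it; return entries removed."""
    top_fd = os.open(path, DIR_FLAGS)
    try:
        count = _remove_contents(top_fd)
    finally:
        os.close(top_fd)
    os.rmdir(path)
    return count + 1


def demo() -> Tuple[int, bool]:
    """Build a constructed tree in a temp dir, remove it, return (removed, still_exists)."""
    base = tempfile.mkdtemp()
    target = os.path.join(base, "victim")
    os.makedirs(os.path.join(target, "sub", "deeper"))
    with open(os.path.join(target, "sub", "deeper", "file.txt"), "w") as fh:
        fh.write("constructed sample\n")
    with open(os.path.join(target, "top.txt"), "w") as fh:
        fh.write("constructed sample\n")
    # A symlink pointing outside the tree must be unlinked, not followed into.
    os.symlink(base, os.path.join(target, "escape"))
    removed = remove_tree(target)
    still_there = os.path.exists(target)
    os.rmdir(base)  # base must still exist and be empty: proves the symlink was not followed
    return removed, still_there


if __name__ == "__main__":
    print(demo())
```

The inode comparison after `os.open` closes the remaining window between `lstat` and `open`: O_NOFOLLOW already refuses a symlink swapped in at that moment, and the device/inode check refuses a different directory moved into place. Python's own `shutil.rmtree` uses the same descriptor-based approach where the platform supports it.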

The SMS Server Tools package contains applications that are used to
send short messages using GSM modems. Versions of SMS Server Tools
before version 1.4.8 are vulnerable to format-string bugs that can be
exploited to execute arbitrary commands with the permissions of the
user executing smsd.

It is recommended that users upgrade to version 1.4.8 of the SMS Server
Tools as soon as possible.